Gordon Brown’s government has lost another batch of sensitive information, this time courtesy of one of his own cabinet ministers.
A laptop belonging to Hazel Blears, the Communities and Local Government secretary, was stolen from her constituency office in Salford over the weekend, it emerged this afternoon.
The Press …

COMMENTS

hmm

Right lets just open up all this data

there is no point in making it secret if the tw*ts can't keep it secret. If it was open information then no one would bother looking at it as it would not be worth looking at as everyone would know what it contains and there would be no advantage to anyone.

Look, if everyones CC details, DOB, Bank, Address etc was openly available what would be the point in identity fraud, we would all be able to defraud the fraudsters and the value of the information would be 0.

While we are at it lets get rid of money, and shops, and 'pooters and t'internet.

Right I am off to live in Brazil in the Mountains close to Peru and shoot arrows from my trusty bow at unmanned drone aircraft.

All those poor double agents

I feel sorry for all those poor British double agents, who traded their integrity for the dream of owning a Swiss Chalet or estate in the Bahamas. What foreign spy would pay them for their secrets, when all the spy has to do is ride the circle line until some idiot drops a dossier?

Couldn't happen to a nicer person

'The BBC however reported that “the machine contained a combination of constituency and government information which should not have been held on it". These included “sensitive documents relating to defence and extremism,” the Beeb said.'

So Hazel's been using her computer in breach of her conditions of employment - I say a nice light firing is in order.

Just once

It needs to fall into the wrong hands, Top Secret data relating to this special project or the other, winging its merry way to Mr Alan Qaeda.

Oh look, a lovely big explosion here or there.

Then it will be our fault for not being vigilant enough, same as global warming's our fault for leaving a telly on standby..

Oh no, never their faults, big companies/government doing exactly how they please, it would be nice if we lived in a world where this shit doesn't matter, but it does and they need to get their heads out of their arses and protect us for fucks sake, WITHOUT eroding our freedoms in the process.

It seems pointless to complain, nothing will change, until I take a personal march down to London and kick that fat twats hairy arse out of #10. Even that wouldn't matter, we'll just get another arsehole in power instead.

Anyway, I'll be the first off this hell hole of a planet the day FTL drives are invented.

The reasons are 4 fold

1. Cultural

2. Technical

3. Procedural

4. Personal

Culturally, the first UK government failing is that they misunderstand data. They truly believe that 'official' information belongs to THEM. This means to include that information about YOU, once held by ANY HMG department it is 'official' and belongs to HMG and that it relates to, or refers to, you is now irrelevant. The second cultural failing is they seem unable to distinguish between 'policy' (see 3) and putting policy into practice (see 4). The third cultural failing is a lingering belief that security-by-obscurity works. (Contrast the Canadian Security Policy (available on the www), the opening sentence of which says something along the lines of: "The CSP exists to safeguard the security and welbeing of Canadians" with the opening CHAPTER of the UK equivalent (that I will not name but will let you know is NOT available on the www), which woffles on and on (you need to take my word on this, most of you) about 'official information' without bothering to defnie what 'official' actually means or ever mentioning 'people').

Technically, the UK government failing is that they think abandoning an encrypted laptop in a tapas bar (or similar) is not the same as abandoning a piece of paper on the 10:42 Waterloo to Strawberry Hill (or similar). Narrowly, they are correct, the failing is misunderstanding the public perception. The crypto on la Blears machine will be deemed to 'downgrade' SECRET to RESTRICTED. That the machine is at RESTRICTED means our Minister should have, as a bare minimum, PUT IT AWAY, in a locked filing cabinet would probably suffice.

Procedually, the UK government failing is that they have all sorts of policy in place, but it is not effectively pursued. You would not want all the HMG 'policy' printed in hard copy on A4 to land on your head - it would HURT. The policy requires frequent audits, checks, balances, awareness refreshers &c to be conducted. Sady, reality at the coal face is that lip service is paid to 'policy'.

The personal failing is that significantly less than 1% seem to actually CARE.

Indeed

Stu's right. Why the hell are people that don't know how to encrypt data or work with data on servers without downloading it to their portable laptops being given access to secret data in the first place?

PRON

I don't know what's worse...

Hazel blears losing top-secret, potentially dangerous or atleast important information, or, there not being anything of value on what is undoubtedly an expensive, paid-for-by-tax laptop bought so that it could be worked on. Except her holiday plans and pictures she hasn't yet added to myspace.

Of course i'm being sarcastic! i don't honestly expect there to be work on it.

Re: I smell a rat

I agree with John. There is something else (I don't know what it is yet) that they have been told to force through (by their bosses at the Berlaymont Building). Its being timed for now so that they can bring out some grave announcement to try to spoil David Davis's efforts to put the civil liberties issue firmly onto the public agenda.

Alternative ?

Don't give them ANY data on the laptop. Buy them a 3G card and keep all the data safely away on a server - unable to download it; in fact, punish them - make them run Citrix over 3G so all the PC gets is the image of the data. Yes, there may well be images in the Windows Swap file, but we're talking about Restricted data, not SECRET data.

Either that or install TrueCrypt on all the machines - it's SO EASY ! OK, the NSA can read it but we trust the NSA... don't we ?

Last thing, make it a disciplinary offence not to keep data encrypted. You can't stop laptops being stolen, you can make it an offence to keep certain types of data unencrypted. It's bit like a company car - cars will get stolen - can't punish people for that, but if you leave the keys in the ignition...

Classifications

As they're saying there was no secret or top secret information, this presumably means there *was* confidential and restricted stuff. Quite why someone who sets government policy was walking around with confidential information in the plain on a laptop ... well, it needs more than "a tightening of policy", it's negligence which merits at least sackings, if not prison.

Still, it puts the inadequacies of the NHS spine in perspective.

[posted as AC coz my employers sell lots of laptops to government departments]

@ Dave & others

Downgrade to RESTRICTED but only as a comparative paper document - i.e. still RESTRICTED but in the wrong hands.

If you think that this is the worst HMG can do, start to panic now and pack your bags. There are plans afoot to 'ensure' information integrity across government that means that they will determine who / what can connect to their services. If your AV isn't up to date, you can't do your Tax return......no HW firewall, no access to YOUR medical records......etc

Will the last one to leave the country please turn off the lights (if we still have electricity at that point).

Rat smelling time ....

@Nano nano

Because returning the bios to default isn’t something a 5 year old can do?

The reason that these people are making such awful fuckups is because they believe they are important.

From my experience, dealing with banks, institutions, local authorities and government bodies. The higher up the person is in the organisation, the more they resent having to do anything "manual".

1 Like learning how to use the features of their machine.

2 Following the same rules as the rank and file.

3 Being held accountable for their mistakes

Who the fukcing hell leaves their laptop at work if there is any data on it that is sensitive?

They wouldn’t leave their credit cards on the table when they went home because this would affect them personally.

The ONLY fix is to make the bastards serve jail time.

This isn’t a joke, they need to understand that they ARE accountable, and if you set yourself up above the normal plebeians, pass laws to controls those plebs and then blatantly let them down, then 20 years in Pentonville should sort them out.

"If you think that this is the worst HMG can do" - reply

You seem to have misread my rant about the 4 pillars of ignorance. My imagination runs riot when I try to think if the worst HMG can do; especially as they work to blur the crucial distinction between security and liberty.

I am not discounting possibilities that this 'theft' and the recent abandonment of paperwork are drip feed to sensitize the proles into believing that restrictions on our liberty are the only countermeasure in this Information Age. Back to the abandoned paperwork: marked TOP SECRET yet Mark Urban at the Beeb read them and said "not much to see here"

A) Mark Urban has been 'got at' & was told to say that - OR

B) Yet another aspect of procedural failing in HMG, 'everything in this department is TS'. Applying inappropriate markings is as bad as applying no markings.

I am an optimist & I will prefer B)

Meanwhile, back to work designing thin client security architectures for HMG that look after the data by design on the server no matter how good the user was in stupidity class (loving the Citrix over 3G idea)

cos I am a good citizam

@Graham Marsden, Gordon Brown

Those would be the finger scans that are about as effective against hackers or anyone with a screwdriver (or, apparenlty, a ballistics gel copy (or even photocopy) of your fingerprint lifted from, say, the keyboard of the laptop you've just nicked).

Fair enough it'd deter most of the less dedicated thiefs on a fingerprinted Flash drive but again anyone with an ounce of dedication could get at it. Especially on ones with "password protected", i.e. non-encrypted, contents- crack case, remove flash ICs, get pinout from teh internetz/manufacturer (or find it out yourself), stick in eeprom-reader-like device that sequentially accesses every bit of data on it and feeds it into an image on a host PC. Mount the nice image on your trusty Linux installation.

This is to do with the government, so I've got to ask "where's the IT angle". Useless buggers that they are.

Useful for terrorists

For the love of God...

will they please start issuing laptops to Civil Servants that are just thin clients with no useable hard drive to speak of. I worked in the civil service for a while doing tech support and time and time again people ignore the security policy or whatever reason stuff is meant to be kept on the servers, then work on a local copy for days and cry when their hard drive dies or they delete it and it's all gone and not safe on the server. Jeez.

Take a cue from Akon...

Simple Answer

If bosses/cabinet muppets faced a very large fine and or jail time for loosing data especially data which has not been encrypted or password protected (And said password was not on a postit note attached to the CD/tape/laptop) you can sure as hell bet they would be a lot more careful about data security especially data with OUR details on it. Until management are held accountable for f*ck ups like this then we are all going to hear more stories about "data loss" every other week.

Biometric scans

There is a difference between a finger scan on your laptop and one the government wants to have from you. Your laptop only checks against the record it holds for your print. If this was validated against a server holding finger scan codes then that's a bit different.

If the National ID becomes your Internet Login and your Carbon Credits and your Credit Card then we are in big trouble.

Allowing the theft may well have been accidental but someone took the decision to go public with this. To what purpose, safe return of the computer? The laptop may just have held correspondance but it could also have held 60,000 records of register of voters she is MP for. That could be some very tasty info.

and the rest ...

Rules

All the people going on about TrueCrypt and thin clients are missing the point. There are well established rules for handling classified data. There are also approved hardware and software encryption products for handling the different levels of classification on computers.

The people who have lost this information are aware of the rules (and the law) and have chosen to breach them.